(RADIATOR) Handler Realm attribute

Hugh Irvine hugh at open.com.au
Fri Jun 11 00:02:47 CDT 2004


Hello William -

As mentioned in my previous mail this is the expected behaviour.

The Realm is the first string after the first "@" sign.

This should probably be tightened up, but that's the way it has always 
been.

As described in my previous mail you should use the User-Name to do 
exact checking.

regards

Hugh


On 10 Jun 2004, at 19:45, William Hernandez wrote:

> Hi Hugh,
>
> The following change in radius.cfg:
>
> <Handler Realm=/^intworldaccess.com$/>
>         MaxSessions 1
>         SessionDatabase sessiondb-with-realm
> ...
> </Handler>
>
> Resulted in the following:
>
> Thu Jun 10 12:26:11 2004: INFO: Trace level increased to 4
> Thu Jun 10 12:26:15 2004: DEBUG: Packet dump:
> *** Received from 208.249.78.3 port 36755 ....
> Code:       Access-Request
> Identifier: 60
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "hlav710 at intworldaccess.com@prwebtv.net"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<134><208><245><194><168><19><161>5<164><133><228><174>
> <1>H<30>x"
>
> Thu Jun 10 12:26:15 2004: DEBUG: PreClientHook: Looking for 
> Connect-Speed
> Thu Jun 10 12:26:15 2004: DEBUG: Handling request with Handler
> 'Realm=/^intworld
> access.com$/'
>
> Please advise,
> William Hernandez
> ESS/PR Webmasters, Inc.
> Radiator 3.9
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> Behalf Of Hugh Irvine
> Sent: Thursday, June 10, 2004 12:16 AM
> To: William Hernandez
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Handler Realm attribute
>
>
>
> Hello William -
>
> The Realm match is operating as expected.
>
> If you want to do an exact match you should do something like this:
>
> <Handler User-Name = /^([^@]+)@infoworldaccess.com$/>
>
> You should of course test this to make sure it works correctly.
>
> regards
>
> Hugh
>
>
> On 9 Jun 2004, at 20:43, William Hernandez wrote:
>
>> Hello everyone,
>>
>> I'm seeing the following in the radius log files:
>>
>> Tue Jun  8 16:43:43 2004: INFO: Access rejected for
>> hlav710 at intworldaccess.com@prwebtv.net: MaxSessions exceeded
>>
>> I am not using Rewrites in the handler. The radius.cfg has:
>>
>> <Handler Realm=intworldaccess.com>
>>         MaxSessions 1
>> ...
>> </Handler>
>>
>> The handler appears not to be doing an exact match on the Realm.
>>
>> Please advise.
>>
>> William Hernandez
>> ESS/PR Webmasters, Inc.
>> Radiator 3.9
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list